Vulnerability Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Geode | < 1.3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102488Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c9
- https://lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d
- https://lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a7
- http://www.securityfocus.com/bid/102488Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c9
- https://lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d
- https://lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a7
FAQ
What is CVE-2017-9795?
CVE-2017-9795 is a vulnerability with a CVSS score of 7.5 (HIGH). When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to o...
How severe is CVE-2017-9795?
CVE-2017-9795 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9795?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Geode.